Bug 1733505 - Non admin user can not query API /katello/api/capsules/:id
Status: NEW
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Users & Roles
Version: 6.4.0
Hardware: All
OS: All
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Radovan Drazny
Reported: 2019-07-26 10:02 UTC by roarora
Modified: 2020-07-13 13:51 UTC


System | ID | Private | Priority | Status | Summary | Last Updated
Foreman Issue Tracker | 30385 | 0 | Normal | New | Non admin user can not query API /katello/api/capsules/:id | 2021-01-21 09:39:51 UTC

Description roarora 2019-07-26 10:02:34 UTC
Description of problem:

If a non-admin user calls a GET API on satellite.example.com/katello/api/capsules/1, it fails with response:
"message": "Resource smart_proxy not found by id '1'"

Non-admin user has "view_smart_proxies" permissions assigned. Even if all available permissions are assigned to the user, the error response is the same.

User is able to query information for all capsules, i.e. GET on /katello/api/capsules/, but not for a particular ID /katello/api/capsules/:id

The API /katello/api/capsules/:id is called by the bootstrap.py script with the --new-capsule switch, so bootstrap.py cannot be run with a non-admin user.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Create a user role and assign all available permissions to it. Create a user and assign the role to the user. User should be non-admin.
2. Run the following API with the above user and it fails:
# curl -u user:password https://satellite.example.com/katello/api/capsules/1

Actual results:
API fails with response "message": "Resource smart_proxy not found by id '1'"

Expected results:
Non-admin user should be able to call that API with appropriate permissions assigned

Comment 4 Marek Hulan 2019-11-21 11:13:02 UTC
Is the user assigned to the same organization and location as the capsule? Does the user have permission to view_organizations and view_locations (potentially limited to only these)?

Comment 5 Jessica Richards 2019-12-12 20:08:37 UTC
Marek: Yes, the user was already assigned to the same organization and location as the capsule, and the user's role already had the view_organizations and view_locations permissions.

Comment 6 Shira Maximov 2020-07-13 13:50:36 UTC
Created redmine issue https://projects.theforeman.org/issues/30385 from this bug
